nTimetools
nTimetools is a suite of console tools developed to work with timestamps in Windows. nTimetools comprises 2 tools that allow both forensic analysts as well as red teamers to modify and verify file timestamps up to 100-nanosecond precision. nTimeview allows forensic analysts to view the MACB timestamps of files on a live system. It uses the undocumented NtQueryInformationFile API. As such, it works on NTFS/FAT and even mapped drives. It does not require privileged access. nTimestomp allows red teamers to timestomp MACB timestamps of files with 100-nanosecond level precision. Forensic analysts are usually taught to spot 0s in the millisecond position as evidence that timestomping has occurred.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
Truehunter is a tool designed to detect encrypted containers with a focus on Truecrypt and Veracrypt, utilizing a fast and memory efficient approach.
A tool for parsing and extracting information from the Master File Table of NTFS file systems.
Tool for parsing Android logs events and protobuf data
Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.
Automated tool for parsing Windows registry hives and extracting valuable information for forensic analysis.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.